<?php

defined( 'joscom' ) or die( 'Direct Access to this location is not allowed.' );
  if (defined( '_OSCOMMERCE_LOADED' )) {
    if (!DB_SHARED) {
      tep_db_connect() or die('Unable to connect to database server!');
    }
    global $category_links, $languages_id, $catID, $catID_array, $current_category_id;
    global $request_type, $lng, $cart, $currencies, $language, $navigation, $breadcrumb;
  } else {
    require('components/'.$option.'/includes/application_top.php');
  }
  
  
$query="select MAX(ab.bid_price) as bid_price , ab.customers_id,ap.auctions_id, ap.products_id, pp.products_name, pr.products_model, cc.customers_firstname, cc.customers_lastname, cc.customers_email_address from ".TABLE_AUCTIONS_BIDS." ab,".TABLE_AUCTIONS_PRODUCTS." ap, ".TABLE_CUSTOMERS." cc, ".TABLE_PRODUCTS_DESCRIPTION." pp, ".TABLE_PRODUCTS." pr where ab.auctions_id=ap.auctions_id and ab.customers_id = cc.customers_id and ap.products_id = pp.products_id and ap.products_id = pr.products_id and ap.status = 1 and pr.products_id = ap.products_id and ap.expires_date <'". date("Y-m-d").' '.date("G:i:s")."'  GROUP BY auctions_id"; 
$result=mysql_query($query);
//echo $query;
$num=mysql_numrows($result);

$i=0;
while ($i < $num) {
//Get result Number to work with
$Auction_id=mysql_result($result,$i,"auctions_id");
$asfirstname=mysql_result($result,$i,"customers_firstname");
$aslastname=mysql_result($result,$i,"customers_lastname");
$asemail=mysql_result($result,$i,"customers_email_address");
$asbidprice=mysql_result($result,$i,"bid_price");
$asprodname=mysql_result($result,$i,"products_name");
$asprodmod=mysql_result($result,$i,"products_model");
$asprodid=mysql_result($result,$i,"products_id");
$custida=mysql_result($result,$i,"customers_id");


echo date("Y-m-d").' '.date("G:i:s").'<br>';
echo $custida . '<br>';
echo $asprodid . '<br>';
echo $asbidprice . '<br>';
// send email

tep_mail($asfirstname.' '.$aslastname, $asemail, STORE_NAME . ' Auction Won :'.$asprodmod, 'Dear '.$asfirstname.' '.$aslastname.',<br><br><br>Congratulations. You are the winning bidder for a '.$asprodname.'!<br>
This product has been added to your shopping cart at ' . STORE_NAME . ' <br>
Please log-in to your account at <a href="' . HTTP_SERVER . '">' . HTTP_SERVER .'</a> and proceed directly to the checkout. Once there, you will be given payment and shipping options. Simply select the shipping method and destination you wish to use, then enter your payment details. A receipt will be issued to you upon order completion.<br>
Once payment is confirmed, your order will be dispatched straight away.<br>
<strong>Please see below for final auction details:</strong><br>
Your Auction ID is :'.$Auction_id.' (To be used as reference for direct deposit)<br>
You have bid on '.$asprodmod.', '.$asprodname.'<br>
<br>Your winning bid was :'.$asbidprice.' +Shipping (Please proceed to our checkout for options and pricing)<br>
    
Please contact us at <a href="mailto:admin@Yoursitenamehere.com">admin@Yoursitenamehere.com</a> if you have any further queries.<br>
Thank you for your order.<br>
<br>Regards,<br>
<br>Your name.<br>
Yoursitenamehere.com Administration.<br>
<p>**Security notice : Yoursitenamehere.com will never ask you to reveal your login password. Protect yourself online and keep all login and personal details private and confidential.<br>
A copy of our privacy notice is available online at <a href="http://Yoursitenamehere.com/privacy.php">http://Yoursitenamehere.com/privacy.php.</a><br />  
  <br>
<br>', 'Yoursitenamehere.com', 'admin@Yoursitenamehere.com');


//update database to processed status
$query2 = "update ".TABLE_AUCTIONS_PRODUCTS." SET status = 0 where auctions_id = ".$Auction_id;
$result2=mysql_query($query2);
$query3 = "update ".TABLE_AUCTIONS_BIDS." SET bid_status = 'won' where bid_price = ".$asbidprice;
$result3=mysql_query($query3);
$query4 = "INSERT INTO ".TABLE_CUSTOMERS_BASKET." (auction_product, customers_id, products_id, customers_basket_quantity,final_price, customers_basket_date_added) VALUES ('1',".$custida.", ".$asprodid.",'1', ".$asbidprice.", ".date("Y-m-d").")";
$result4=mysql_query($query4);

$i++;


  }
mysql_close();
  
  
?>

</body>
</html>
